TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 3c0b53b2b0c88e289e6d5831e9c6d9b3c1c73b42 / . / library / aria.c
blob: 9121d8fb2368b82a30061787ab7bc19b54c1524d [file] [log] [blame]
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]1/*
2 * ARIA implementation
3 *
4 * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_ARIA_C)
29
30#include "mbedtls/aria.h"
31
32#include <string.h>
33
34#if defined(MBEDTLS_SELF_TEST)
35#if defined(MBEDTLS_PLATFORM_C)
36#include "mbedtls/platform.h"
37#else
38#include <stdio.h>
39#define mbedtls_printf printf
40#endif /* MBEDTLS_PLATFORM_C */
41#endif /* MBEDTLS_SELF_TEST */
42
43#if !defined(MBEDTLS_ARIA_ALT)
44
45// 32-bit integer manipulation macros (little endian)
46
47#ifndef GET_UINT32_LE
48#define GET_UINT32_LE(n,b,i) \
49{ \
50 (n) = ( (uint32_t) (b)[(i) ] ) \
51 | ( (uint32_t) (b)[(i) + 1] << 8 ) \
52 | ( (uint32_t) (b)[(i) + 2] << 16 ) \
53 | ( (uint32_t) (b)[(i) + 3] << 24 ); \
54}
55#endif
56
57#ifndef PUT_UINT32_LE
58#define PUT_UINT32_LE(n,b,i) \
59{ \
60 (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
61 (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
62 (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
63 (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
64}
65#endif
66
67// FLIP1 modifies byte order ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits
68#define ARIA_FLIP1(x) (((x) >> 16) ^ ((x) << 16))
69
70// FLIP2 modifies byte order ( A B C D ) -> ( B A D C ), swap pairs of bytes
71#define ARIA_FLIP2(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8))
72
73// Affine Transform A
74// (ra, rb, rc, rd) = state in/out
75// (ta, tb, tc) = temporary variables
76
77#define ARIA_A( ra, rb, rc, rd, ta, tb, tc ) { \
78 ta = rb; \
79 rb = ra; \
80 ra = ARIA_FLIP1( ta ); \
81 tb = ARIA_FLIP1( rd ); \
82 rd = ARIA_FLIP2( rc ); \
83 rc = ARIA_FLIP2( tb ); \
84 ta ^= rd; \
85 tc = ARIA_FLIP1( rb ); \
86 ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \
87 tb ^= ARIA_FLIP1( rd ); \
88 tc ^= ARIA_FLIP2( ra ); \
89 rb ^= ta ^ tb; \
90 tb = ARIA_FLIP1( tb ) ^ ta; \
91 ra ^= ARIA_FLIP2( tb ); \
92 ta = ARIA_FLIP1( ta ); \
93 rd ^= ARIA_FLIP2( ta ) ^ tc; \
94 tc = ARIA_FLIP1( tc ); \
95 rc ^= ARIA_FLIP2( tc ) ^ ta; \
96}
97
98
99// ARIA Round function ( Substitution Layer SLx + Affine Transform A )
100// (ra, rb, rc, rd) = state in/out
101// (sa, sb, sc, sd) = 256 8-bit S-Boxes
102// (ta, tb, tc) = temporary variables
103
104#define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd, ta, tb, tc ) { \
105 ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \
106 (((uint32_t) sd[ rb >> 24]) << 8) ^ \
107 (((uint32_t) sa[ rb & 0xFF]) << 16) ^ \
108 (((uint32_t) sb[(rb >> 8) & 0xFF]) << 24); \
109 rb = ( (uint32_t) sa[ ra & 0xFF]) ^ \
110 (((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^ \
111 (((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^ \
112 (((uint32_t) sd[ ra >> 24]) << 24); \
113 ra = ta; \
114 ta = ( (uint32_t) sd[ rd >> 24]) ^ \
115 (((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^ \
116 (((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^ \
117 (((uint32_t) sa[ rd & 0xFF]) << 24); \
118 rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^ \
119 (((uint32_t) sa[ rc & 0xFF]) << 8) ^ \
120 (((uint32_t) sd[ rc >> 24]) << 16) ^ \
121 (((uint32_t) sc[(rc >> 16) & 0xFF]) << 24); \
122 rc = ta; \
123 ta = ARIA_FLIP1( ra ) ^ rd; \
124 tc = ARIA_FLIP1( rb ); \
125 ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \
126 tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); \
127 tc ^= ARIA_FLIP2( ra ); \
128 rb ^= ta^ tb; \
129 tb = ARIA_FLIP1( tb ) ^ ta; \
130 ra ^= ARIA_FLIP2( tb ); \
131 ta = ARIA_FLIP1( ta ); \
132 rd ^= ARIA_FLIP2( ta ) ^ tc; \
133 tc = ARIA_FLIP1( tc ); \
134 rc ^= ARIA_FLIP2( tc ) ^ ta; \
135}
136
137// S-Boxes
138
139static const uint8_t aria_sb1[0x100] =
140{
141 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B,
142 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
143 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26,
144 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
145 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2,
146 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
147 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED,
148 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
149 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F,
150 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
151 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC,
152 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
153 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14,
154 0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
155 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D,
156 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
157 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F,
158 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
159 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11,
160 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
161 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F,
162 0xB0, 0x54, 0xBB, 0x16
163};
164
165static const uint8_t aria_sb2[0x100] =
166{
167 0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46,
168 0x3C, 0x4D, 0x8B, 0xD1, 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B,
169 0xBC, 0x77, 0x2E, 0x03, 0xD3, 0x19, 0x59, 0xC1, 0x1D, 0x06, 0x41, 0x6B,
170 0x55, 0xF0, 0x99, 0x69, 0xEA, 0x9C, 0x18, 0xAE, 0x63, 0xDF, 0xE7, 0xBB,
171 0x00, 0x73, 0x66, 0xFB, 0x96, 0x4C, 0x85, 0xE4, 0x3A, 0x09, 0x45, 0xAA,
172 0x0F, 0xEE, 0x10, 0xEB, 0x2D, 0x7F, 0xF4, 0x29, 0xAC, 0xCF, 0xAD, 0x91,
173 0x8D, 0x78, 0xC8, 0x95, 0xF9, 0x2F, 0xCE, 0xCD, 0x08, 0x7A, 0x88, 0x38,
174 0x5C, 0x83, 0x2A, 0x28, 0x47, 0xDB, 0xB8, 0xC7, 0x93, 0xA4, 0x12, 0x53,
175 0xFF, 0x87, 0x0E, 0x31, 0x36, 0x21, 0x58, 0x48, 0x01, 0x8E, 0x37, 0x74,
176 0x32, 0xCA, 0xE9, 0xB1, 0xB7, 0xAB, 0x0C, 0xD7, 0xC4, 0x56, 0x42, 0x26,
177 0x07, 0x98, 0x60, 0xD9, 0xB6, 0xB9, 0x11, 0x40, 0xEC, 0x20, 0x8C, 0xBD,
178 0xA0, 0xC9, 0x84, 0x04, 0x49, 0x23, 0xF1, 0x4F, 0x50, 0x1F, 0x13, 0xDC,
179 0xD8, 0xC0, 0x9E, 0x57, 0xE3, 0xC3, 0x7B, 0x65, 0x3B, 0x02, 0x8F, 0x3E,
180 0xE8, 0x25, 0x92, 0xE5, 0x15, 0xDD, 0xFD, 0x17, 0xA9, 0xBF, 0xD4, 0x9A,
181 0x7E, 0xC5, 0x39, 0x67, 0xFE, 0x76, 0x9D, 0x43, 0xA7, 0xE1, 0xD0, 0xF5,
182 0x68, 0xF2, 0x1B, 0x34, 0x70, 0x05, 0xA3, 0x8A, 0xD5, 0x79, 0x86, 0xA8,
183 0x30, 0xC6, 0x51, 0x4B, 0x1E, 0xA6, 0x27, 0xF6, 0x35, 0xD2, 0x6E, 0x24,
184 0x16, 0x82, 0x5F, 0xDA, 0xE6, 0x75, 0xA2, 0xEF, 0x2C, 0xB2, 0x1C, 0x9F,
185 0x5D, 0x6F, 0x80, 0x0A, 0x72, 0x44, 0x9B, 0x6C, 0x90, 0x0B, 0x5B, 0x33,
186 0x7D, 0x5A, 0x52, 0xF3, 0x61, 0xA1, 0xF7, 0xB0, 0xD6, 0x3F, 0x7C, 0x6D,
187 0xED, 0x14, 0xE0, 0xA5, 0x3D, 0x22, 0xB3, 0xF8, 0x89, 0xDE, 0x71, 0x1A,
188 0xAF, 0xBA, 0xB5, 0x81
189};
190
191static const uint8_t aria_is1[0x100] =
192{
193 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E,
194 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
195 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32,
196 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
197 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49,
198 0x6D, 0x8B, 0xD1, 0x25, 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
199 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 0x6C, 0x70, 0x48, 0x50,
200 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
201 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05,
202 0xB8, 0xB3, 0x45, 0x06, 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
203 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 0x3A, 0x91, 0x11, 0x41,
204 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
205 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8,
206 0x1C, 0x75, 0xDF, 0x6E, 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
207 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 0xFC, 0x56, 0x3E, 0x4B,
208 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
209 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59,
210 0x27, 0x80, 0xEC, 0x5F, 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
211 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 0xA0, 0xE0, 0x3B, 0x4D,
212 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
213 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63,
214 0x55, 0x21, 0x0C, 0x7D
215};
216
217static const uint8_t aria_is2[0x100] =
218{
219 0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1,
220 0x72, 0x09, 0x62, 0x3C, 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3,
221 0x2A, 0x1D, 0xFB, 0xB6, 0xD6, 0x20, 0xC4, 0x8D, 0x81, 0x65, 0xF5, 0x89,
222 0xCB, 0x9D, 0x77, 0xC6, 0x57, 0x43, 0x56, 0x17, 0xD4, 0x40, 0x1A, 0x4D,
223 0xC0, 0x63, 0x6C, 0xE3, 0xB7, 0xC8, 0x64, 0x6A, 0x53, 0xAA, 0x38, 0x98,
224 0x0C, 0xF4, 0x9B, 0xED, 0x7F, 0x22, 0x76, 0xAF, 0xDD, 0x3A, 0x0B, 0x58,
225 0x67, 0x88, 0x06, 0xC3, 0x35, 0x0D, 0x01, 0x8B, 0x8C, 0xC2, 0xE6, 0x5F,
226 0x02, 0x24, 0x75, 0x93, 0x66, 0x1E, 0xE5, 0xE2, 0x54, 0xD8, 0x10, 0xCE,
227 0x7A, 0xE8, 0x08, 0x2C, 0x12, 0x97, 0x32, 0xAB, 0xB4, 0x27, 0x0A, 0x23,
228 0xDF, 0xEF, 0xCA, 0xD9, 0xB8, 0xFA, 0xDC, 0x31, 0x6B, 0xD1, 0xAD, 0x19,
229 0x49, 0xBD, 0x51, 0x96, 0xEE, 0xE4, 0xA8, 0x41, 0xDA, 0xFF, 0xCD, 0x55,
230 0x86, 0x36, 0xBE, 0x61, 0x52, 0xF8, 0xBB, 0x0E, 0x82, 0x48, 0x69, 0x9A,
231 0xE0, 0x47, 0x9E, 0x5C, 0x04, 0x4B, 0x34, 0x15, 0x79, 0x26, 0xA7, 0xDE,
232 0x29, 0xAE, 0x92, 0xD7, 0x84, 0xE9, 0xD2, 0xBA, 0x5D, 0xF3, 0xC5, 0xB0,
233 0xBF, 0xA4, 0x3B, 0x71, 0x44, 0x46, 0x2B, 0xFC, 0xEB, 0x6F, 0xD5, 0xF6,
234 0x14, 0xFE, 0x7C, 0x70, 0x5A, 0x7D, 0xFD, 0x2F, 0x18, 0x83, 0x16, 0xA5,
235 0x91, 0x1F, 0x05, 0x95, 0x74, 0xA9, 0xC1, 0x5B, 0x4A, 0x85, 0x6D, 0x13,
236 0x07, 0x4F, 0x4E, 0x45, 0xB2, 0x0F, 0xC9, 0x1C, 0xA6, 0xBC, 0xEC, 0x73,
237 0x90, 0x7B, 0xCF, 0x59, 0x8F, 0xA1, 0xF9, 0x2D, 0xF2, 0xB1, 0x00, 0x94,
238 0x37, 0x9F, 0xD0, 0x2E, 0x9C, 0x6E, 0x28, 0x3F, 0x80, 0xF0, 0x3D, 0xD3,
239 0x25, 0x8A, 0xB5, 0xE7, 0x42, 0xB3, 0xC7, 0xEA, 0xF7, 0x4C, 0x11, 0x33,
240 0x03, 0xA2, 0xAC, 0x60
241};
242// FO and FE are helpers for key schedule
243
244// r = FO( p, k ) ^ x
245
246static void aria_fo( uint32_t r[4],
247 const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] )
248{
249 uint32_t a, b, c, d;
250 uint32_t t, u, v;
251
252 a = p[0] ^ k[0];
253 b = p[1] ^ k[1];
254 c = p[2] ^ k[2];
255 d = p[3] ^ k[3];
256
257 ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v );
258
259 r[0] = a ^ x[0];
260 r[1] = b ^ x[1];
261 r[2] = c ^ x[2];
262 r[3] = d ^ x[3];
263}
264
265// r = FE( p, k ) ^ x
266
267static void aria_fe(uint32_t r[4],
268 const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] )
269{
270 uint32_t a, b, c, d;
271 uint32_t t, u, v;
272
273 a = p[0] ^ k[0];
274 b = p[1] ^ k[1];
275 c = p[2] ^ k[2];
276 d = p[3] ^ k[3];
277
278 ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v );
279
280 r[0] = a ^ x[0];
281 r[1] = b ^ x[1];
282 r[2] = c ^ x[2];
283 r[3] = d ^ x[3];
284}
285
286// Big endian 128-bit rotation: d = a ^ (b <<< n), used only in key setup.
287// This is relatively slow since our implementation is geared towards
288// little-endian targets and stores state in that order.
289
290static void aria_rot128(uint32_t r[4], const uint32_t a[4],
291 const uint32_t b[4], int n)
292{
293 int i, j, n1, n2;
294 uint32_t t, u;
295
296 j = (n >> 5) & 3; // word offset
297 n1 = n & 0x1F; // bit offsets
298 n2 = 32 - n1; // n1 should be nonzero!
299 t = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); // big endian
300 for( i = 0; i < 4; i++ )
301 {
302 j = (j + 1) & 3; // get next word, big endian
303 u = ARIA_FLIP1( ARIA_FLIP2( b[j] ) );
304 t <<= n1; // rotate
305 if (n2 < 32) // intel rotate 32 bits = 0 bits..
306 t |= u >> n2;
307 t = ARIA_FLIP1( ARIA_FLIP2( t ) ); // back to little endian
308 r[i] = a[i] ^ t; // store
309 t = u; // move to next word
310 }
311}
312
313// Set encryption key
314
315int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
316 const unsigned char *key, unsigned int keybits)
317{
318 // round constant masks
319 const uint32_t rc[3][4] =
320 {
321 { 0xB7C17C51, 0x940A2227, 0xE8AB13FE, 0xE06E9AFA },
322 { 0xCC4AB16D, 0x20C8219E, 0xD5B128FF, 0xB0E25DEF },
323 { 0x1D3792DB, 0x70E92621, 0x75972403, 0x0EC9E804 }
324 };
325
326 int i;
327 uint32_t w[4][4], *w2;
328
329 if (keybits != 128 && keybits != 192 && keybits != 256)
330 return MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH;
331
332 // W0 = KL
333 GET_UINT32_LE( w[0][0], key, 0 ); // copy key to W0 | W1
334 GET_UINT32_LE( w[0][1], key, 4 );
335 GET_UINT32_LE( w[0][2], key, 8 );
336 GET_UINT32_LE( w[0][3], key, 12 );
337
338 memset(w[1], 0, 16);
339 if( keybits >= 192 )
340 {
341 GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key
342 GET_UINT32_LE( w[1][1], key, 20 );
343 }
344 if( keybits == 256 )
345 {
346 GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key
347 GET_UINT32_LE( w[1][3], key, 28 );
348 }
349
350 i = (keybits - 128) >> 6; // index: 0, 1, 2
351 ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16
352
353 aria_fo( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR
354 i = i < 2 ? i + 1 : 0;
355 aria_fe( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0
356 i = i < 2 ? i + 1 : 0;
357 aria_fo( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1
358
359 for( i = 0; i < 4; i++ ) // create round keys
360 {
361 w2 = w[(i + 1) & 3];
362 aria_rot128( ctx->rk[i ], w[i], w2, -19);
363 aria_rot128( ctx->rk[i + 4], w[i], w2, -31);
364 aria_rot128( ctx->rk[i + 8], w[i], w2, 61);
365 aria_rot128( ctx->rk[i + 12], w[i], w2, 31);
366 }
367 aria_rot128( ctx->rk[16], w[0], w[1], 19 );
368
369 return 0;
370}
371
372// Set decryption key
373
374int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
375 const unsigned char *key, unsigned int keybits)
376{
377 int i, j, k, ret;
378 uint32_t t, u, v;
379
380 ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
381 if( ret != 0 )
382 return ret;
383
384 // flip the order of round keys
385 for( i = 0, j = ctx->nr; i < j; i++, j-- )
386 {
387 for( k = 0; k < 4; k++ )
388 {
389 t = ctx->rk[i][k];
390 ctx->rk[i][k] = ctx->rk[j][k];
391 ctx->rk[j][k] = t;
392 }
393 }
394
395 // apply affine transform to middle keys
396 for (i = 1; i < ctx->nr; i++ )
397 {
398 ARIA_A( ctx->rk[i][0], ctx->rk[i][1], ctx->rk[i][2], ctx->rk[i][3],
399 t, u, v );
400 }
401
402 return 0;
403}
404
405// Encrypt a block
406
407int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
408 int mode,
409 const unsigned char input[16],
410 unsigned char output[16] )
411{
412 int i;
413
414 uint32_t a, b, c, d;
415 uint32_t t, u, v;
416
417 ( (void) mode );
418
419 GET_UINT32_LE( a, input, 0 );
420 GET_UINT32_LE( b, input, 4 );
421 GET_UINT32_LE( c, input, 8 );
422 GET_UINT32_LE( d, input, 12 );
423
424 i = 0;
425 while (1)
426 {
427 a ^= ctx->rk[i][0];
428 b ^= ctx->rk[i][1];
429 c ^= ctx->rk[i][2];
430 d ^= ctx->rk[i][3];
431 i++;
432 ARIA_SLA( a, b, c, d,
433 aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v );
434
435 a ^= ctx->rk[i][0];
436 b ^= ctx->rk[i][1];
437 c ^= ctx->rk[i][2];
438 d ^= ctx->rk[i][3];
439 i++;
440 if (i >= ctx->nr)
441 break;
442
443 ARIA_SLA( a, b, c, d,
444 aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v );
445 }
446
447 // final substitution
448
449 a = ctx->rk[i][0] ^
450 ( (uint32_t) aria_is1[ a & 0xFF]) ^
451 (((uint32_t) aria_is2[(a >> 8) & 0xFF]) << 8) ^
452 (((uint32_t) aria_sb1[(a >> 16) & 0xFF]) << 16) ^
453 (((uint32_t) aria_sb2[ a >> 24 ]) << 24);
454
455 b = ctx->rk[i][1] ^
456 ( (uint32_t) aria_is1[ b & 0xFF]) ^
457 (((uint32_t) aria_is2[(b >> 8) & 0xFF]) << 8) ^
458 (((uint32_t) aria_sb1[(b >> 16) & 0xFF]) << 16) ^
459 (((uint32_t) aria_sb2[ b >> 24 ]) << 24);
460
461 c = ctx->rk[i][2] ^
462 ( (uint32_t) aria_is1[ c & 0xFF]) ^
463 (((uint32_t) aria_is2[(c >> 8) & 0xFF]) << 8) ^
464 (((uint32_t) aria_sb1[(c >> 16) & 0xFF]) << 16) ^
465 (((uint32_t) aria_sb2[ c >> 24 ]) << 24);
466
467 d = ctx->rk[i][3] ^
468 ( (uint32_t) aria_is1[ d & 0xFF]) ^
469 (((uint32_t) aria_is2[(d >> 8) & 0xFF]) << 8) ^
470 (((uint32_t) aria_sb1[(d >> 16) & 0xFF]) << 16) ^
471 (((uint32_t) aria_sb2[ d >> 24 ]) << 24);
472
473 PUT_UINT32_LE( a, output, 0 );
474 PUT_UINT32_LE( b, output, 4 );
475 PUT_UINT32_LE( c, output, 8 );
476 PUT_UINT32_LE( d, output, 12 );
477
478 return 0;
479}
480
481
482
483#if defined(MBEDTLS_CIPHER_MODE_CBC)
484/*
485 * ARIA-CBC buffer encryption/decryption
486 */
487int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
488 int mode,
489 size_t length,
490 unsigned char iv[16],
491 const unsigned char *input,
492 unsigned char *output )
493{
494 int i;
495 unsigned char temp[16];
496
497 if( length % 16 )
498 return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
499
500 if( mode == MBEDTLS_ARIA_DECRYPT )
501 {
502 while( length > 0 )
503 {
504 memcpy( temp, input, 16 );
505 mbedtls_aria_crypt_ecb( ctx, mode, input, output );
506
507 for( i = 0; i < 16; i++ )
508 output[i] = (unsigned char)( output[i] ^ iv[i] );
509
510 memcpy( iv, temp, 16 );
511
512 input += 16;
513 output += 16;
514 length -= 16;
515 }
516 }
517 else
518 {
519 while( length > 0 )
520 {
521 for( i = 0; i < 16; i++ )
522 output[i] = (unsigned char)( input[i] ^ iv[i] );
523
524 mbedtls_aria_crypt_ecb( ctx, mode, output, output );
525 memcpy( iv, output, 16 );
526
527 input += 16;
528 output += 16;
529 length -= 16;
530 }
531 }
532
533 return( 0 );
534}
535#endif /* MBEDTLS_CIPHER_MODE_CBC */
536
537#if defined(MBEDTLS_CIPHER_MODE_CFB)
538/*
539 * ARIA-CFB128 buffer encryption/decryption
540 */
541int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
542 int mode,
543 size_t length,
544 size_t *iv_off,
545 unsigned char iv[16],
546 const unsigned char *input,
547 unsigned char *output )
548{
549 int c;
550 size_t n = *iv_off;
551
552 if( mode == MBEDTLS_ARIA_DECRYPT )
553 {
554 while( length-- )
555 {
556 if( n == 0 )
557 mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv );
558
559 c = *input++;
560 *output++ = (unsigned char)( c ^ iv[n] );
561 iv[n] = (unsigned char) c;
562
563 n = ( n + 1 ) & 0x0F;
564 }
565 }
566 else
567 {
568 while( length-- )
569 {
570 if( n == 0 )
571 mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv );
572
573 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
574
575 n = ( n + 1 ) & 0x0F;
576 }
577 }
578
579 *iv_off = n;
580
581 return( 0 );
582}
583#endif /* MBEDTLS_CIPHER_MODE_CFB */
584
585#if defined(MBEDTLS_CIPHER_MODE_CTR)
586/*
587 * ARIA-CTR buffer encryption/decryption
588 */
589int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
590 size_t length,
591 size_t *nc_off,
592 unsigned char nonce_counter[16],
593 unsigned char stream_block[16],
594 const unsigned char *input,
595 unsigned char *output )
596{
597 int c, i;
598 size_t n = *nc_off;
599
600 while( length-- )
601 {
602 if( n == 0 ) {
603 mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, nonce_counter,
604 stream_block );
605
606 for( i = 16; i > 0; i-- )
607 if( ++nonce_counter[i - 1] != 0 )
608 break;
609 }
610 c = *input++;
611 *output++ = (unsigned char)( c ^ stream_block[n] );
612
613 n = ( n + 1 ) & 0x0F;
614 }
615
616 *nc_off = n;
617
618 return( 0 );
619}
620#endif /* MBEDTLS_CIPHER_MODE_CTR */
621#endif /* !MBEDTLS_ARIA_ALT */
622
623#if defined(MBEDTLS_SELF_TEST)
624
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]625// Basic ARIA ECB test vectors from RFC 5794
626
627static const uint8_t aria_test1_ecb_key[32] = // test key
628{
629 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit
630 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
631 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, // 192 bit
632 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit
633};
634
635static const uint8_t aria_test1_ecb_pt[16] = // plaintext
636{
637 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // same for all
638 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes
639};
640
641static const uint8_t aria_test1_ecb_ct[3][16] = // ciphertext
642{
643 { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit
644 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 },
645 { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit
646 0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 },
647 { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit
648 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC }
649};
650
651// Mode tests from "Test Vectors for ARIA" Version 1.0
652// http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf
653
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +0000[diff] [blame^]654#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]655 defined(MBEDTLS_CIPHER_MODE_CTR))
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]656static const uint8_t aria_test2_key[32] =
657{
658 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 128 bit
659 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
660 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 192 bit
661 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff // 256 bit
662};
663
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]664static const uint8_t aria_test2_pt[48] =
665{
666 0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa, // same for all
667 0x11, 0x11, 0x11, 0x11, 0xbb, 0xbb, 0xbb, 0xbb,
668 0x11, 0x11, 0x11, 0x11, 0xcc, 0xcc, 0xcc, 0xcc,
669 0x11, 0x11, 0x11, 0x11, 0xdd, 0xdd, 0xdd, 0xdd,
670 0x22, 0x22, 0x22, 0x22, 0xaa, 0xaa, 0xaa, 0xaa,
671 0x22, 0x22, 0x22, 0x22, 0xbb, 0xbb, 0xbb, 0xbb,
672};
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +0000[diff] [blame^]673#endif
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]674
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +0000[diff] [blame^]675#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB))
676static const uint8_t aria_test2_iv[16] =
677{
678 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for CBC, CFB
679 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 // CTR has zero IV
680};
681#endif
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]682
683#if defined(MBEDTLS_CIPHER_MODE_CBC)
684static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertxt
685{
686 { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key
687 0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34,
688 0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64,
689 0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38,
690 0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c,
691 0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 },
692 { 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key
693 0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f,
694 0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1,
695 0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5,
696 0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92,
697 0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e },
698 { 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key
699 0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab,
700 0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef,
701 0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52,
702 0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5,
703 0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b }
704};
705#endif /* MBEDTLS_CIPHER_MODE_CBC */
706
707#if defined(MBEDTLS_CIPHER_MODE_CFB)
708static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertxt
709{
710 { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key
711 0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00,
712 0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a,
713 0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01,
714 0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96,
715 0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b },
716 { 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key
717 0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c,
718 0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94,
719 0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 0x59,
720 0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86,
721 0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b },
722 { 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key
723 0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35,
724 0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70,
725 0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa,
726 0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c,
727 0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 }
728};
729#endif /* MBEDTLS_CIPHER_MODE_CFB */
730
731#if defined(MBEDTLS_CIPHER_MODE_CTR)
732static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertxt
733{
734 { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key
735 0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1,
736 0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1,
737 0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f,
738 0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71,
739 0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 },
740 { 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key
741 0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce,
742 0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde,
743 0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79,
744 0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce,
745 0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf },
746 { 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key
747 0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2,
748 0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89,
749 0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f,
750 0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7,
751 0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 }
752};
753#endif /* MBEDTLS_CIPHER_MODE_CFB */
754
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]755/*
756 * Checkup routine
757 */
758
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]759#define ARIA_SELF_TEST_IF_FAIL \
760 { \
761 if( verbose ) \
762 printf( "failed\n" ); \
763 return( 1 ); \
764 } else { \
765 if( verbose ) \
766 printf( "passed\n" ); \
767 }
768
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]769int mbedtls_aria_self_test( int verbose )
770{
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]771 int i;
772 uint8_t blk[16];
773 mbedtls_aria_context ctx;
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +0000[diff] [blame^]774
775#if (defined(MBEDTLS_CIPHER_MODE_CFB) || \
776 defined(MBEDTLS_CIPHER_MODE_CTR))
777 size_t j;
778#endif
779
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]780#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
781 defined(MBEDTLS_CIPHER_MODE_CFB) || \
782 defined(MBEDTLS_CIPHER_MODE_CTR))
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]783 uint8_t buf[48], iv[16];
784#endif
785
786 // Test set 1
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]787
788 for( i = 0; i < 3; i++ )
789 {
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]790 // test ECB encryption
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]791 if( verbose )
792 printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i);
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]793 mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]794 mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT,
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]795 aria_test1_ecb_pt, blk );
796 if( memcmp( blk, aria_test1_ecb_ct[i], 16 ) != 0 )
797 ARIA_SELF_TEST_IF_FAIL;
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]798
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]799 // test ECB decryption
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]800 if( verbose )
801 printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i);
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]802 mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]803 mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT,
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]804 aria_test1_ecb_ct[i], blk );
805 if (memcmp( blk, aria_test1_ecb_pt, 16 ) != 0)
806 ARIA_SELF_TEST_IF_FAIL;
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]807 }
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame]808 if( verbose )
809 printf("\n");
810
811 // Test set 2
812
813#if defined(MBEDTLS_CIPHER_MODE_CBC)
814 for( i = 0; i < 3; i++ )
815 {
816 // Test CBC encryption
817 if( verbose )
818 printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i);
819 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
820 memcpy( iv, aria_test2_iv, 16 );
821 memset( buf, 0x55, sizeof(buf) );
822 mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
823 aria_test2_pt, buf );
824 if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 )
825 ARIA_SELF_TEST_IF_FAIL;
826
827 // Test CBC decryption
828 if( verbose )
829 printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i);
830 mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i );
831 memcpy( iv, aria_test2_iv, 16 );
832 memset( buf, 0xAA, sizeof(buf) );
833 mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
834 aria_test2_cbc_ct[i], buf );
835 if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
836 ARIA_SELF_TEST_IF_FAIL;
837 }
838 if( verbose )
839 printf("\n");
840
841#endif /* MBEDTLS_CIPHER_MODE_CBC */
842
843#if defined(MBEDTLS_CIPHER_MODE_CFB)
844 for( i = 0; i < 3; i++ )
845 {
846 // Test CFB encryption
847 if( verbose )
848 printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i);
849 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
850 memcpy( iv, aria_test2_iv, 16 );
851 memset( buf, 0x55, sizeof(buf) );
852 j = 0;
853 mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
854 aria_test2_pt, buf );
855 if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 )
856 ARIA_SELF_TEST_IF_FAIL;
857
858 // Test CFB decryption
859 if( verbose )
860 printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i);
861 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
862 memcpy( iv, aria_test2_iv, 16 );
863 memset( buf, 0xAA, sizeof(buf) );
864 j = 0;
865 mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
866 iv, aria_test2_cfb_ct[i], buf );
867 if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
868 ARIA_SELF_TEST_IF_FAIL;
869 }
870 if( verbose )
871 printf("\n");
872#endif /* MBEDTLS_CIPHER_MODE_CFB */
873
874#if defined(MBEDTLS_CIPHER_MODE_CTR)
875 for( i = 0; i < 3; i++ )
876 {
877 // Test CTR encryption
878 if( verbose )
879 printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i);
880 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
881 memset( iv, 0, 16 ); // IV = 0
882 memset( buf, 0x55, sizeof(buf) );
883 j = 0;
884 mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
885 aria_test2_pt, buf );
886 if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 )
887 ARIA_SELF_TEST_IF_FAIL;
888
889 // Test CTR decryption
890 if( verbose )
891 printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i);
892 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
893 memset( iv, 0, 16 ); // IV = 0
894 memset( buf, 0xAA, sizeof(buf) );
895 j = 0;
896 mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
897 aria_test2_ctr_ct[i], buf );
898 if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
899 ARIA_SELF_TEST_IF_FAIL;
900 }
901 if( verbose )
902 printf("\n");
903#endif /* MBEDTLS_CIPHER_MODE_CTR */
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]904
905 return( 0 );
906}
907
908#endif /* MBEDTLS_SELF_TEST */
909
910#endif /* MBEDTLS_ARIA_C */